iid=i-04XXXXXXXXXXXXX4f
# find the security groups of the instance (queries are quoted so the shell does not glob-expand [*])
securitygroups=$(aws --profile dev ec2 describe-instances --region us-east-2 --instance-ids "$iid" --query 'Reservations[*].Instances[*].SecurityGroups[*][GroupId]' --output text)
# see open rules (there are usually not many); $securitygroups stays unquoted so each group ID is passed as its own argument
# note: the FromPort!=null filter hides all-protocol ("-1") rules, which carry no port range
aws --profile dev --region us-east-2 ec2 describe-security-groups --group-ids $securitygroups --query '*[*][GroupId,IpPermissions[?FromPort!=null].[FromPort,ToPort,IpRanges[*].CidrIp]]' --output text
# find the subnet
subnet=$(aws --profile dev ec2 describe-instances --region us-east-2 --instance-ids "$iid" --query 'Reservations[*].Instances[*][SubnetId]' --output text)
# now check the default route. If it's through an IGW (GatewayId starts with igw-), we should be good!
# an empty result means the subnet has no explicit association and uses the VPC's main route table
aws ec2 --region us-east-2 --profile dev describe-route-tables --filters "Name=association.subnet-id,Values=$subnet" --query "RouteTables[*].Routes[?DestinationCidrBlock=='0.0.0.0/0']"
# get its public IP
aws --profile dev ec2 describe-instances --region us-east-2 --instance-ids "$iid" --query 'Reservations[*].Instances[*].PublicIpAddress' --output text
# And you're good to go!
farrellit (Author) commented Dec 19, 2016

How to discover whether iid in an EC2 subnet is actually able to hold a public IP
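
The same three checks (security group rules, default route, public IP) applied offline to saved `--output json` results, as an added example that is not part of the original gist. It assumes the route tables were fetched for the whole VPC (`--filters Name=vpc-id,Values=...`) so the main-table fallback can be resolved; function names, IDs and addresses are constructed for illustration.

```python
# Added example (not from the gist): evaluates parsed AWS CLI JSON offline.
# All IDs and addresses below are constructed sample values.

def effective_route_table(route_tables, subnet_id):
    """Return the explicitly associated table, else the VPC's main table."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def default_route_via_igw(rt):
    """True if 0.0.0.0/0 points at an internet gateway (igw-...)."""
    return any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
               and r.get("GatewayId", "").startswith("igw-")
               for r in (rt or {}).get("Routes", []))

def world_open_rules(security_groups):
    """List (group, protocol, from, to) for ingress rules open to 0.0.0.0/0.
    All-traffic rules (IpProtocol "-1") have no ports and are reported too."""
    return [(sg["GroupId"], p["IpProtocol"], p.get("FromPort"), p.get("ToPort"))
            for sg in security_groups for p in sg.get("IpPermissions", [])
            if any(r.get("CidrIp") == "0.0.0.0/0" for r in p.get("IpRanges", []))]

def exposure(instance, security_groups, route_tables):
    """Combine the three checks into one summary for an instance."""
    rt = effective_route_table(route_tables, instance["SubnetId"])
    return {"public_ip": instance.get("PublicIpAddress"),
            "igw_default_route": default_route_via_igw(rt),
            "open_rules": world_open_rules(security_groups)}

ROUTE_TABLES = [  # constructed: main table routes to an IGW, private one to a NAT
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
    {"RouteTableId": "rtb-private",
     "Associations": [{"Main": False, "SubnetId": "subnet-private"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"}]},
]
GROUPS = [{"GroupId": "sg-web", "IpPermissions": [  # constructed rules
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]}]
INSTANCE = {"InstanceId": "i-0example", "SubnetId": "subnet-implicit",
            "PublicIpAddress": "203.0.113.10"}

if __name__ == "__main__":
    print(exposure(INSTANCE, GROUPS, ROUTE_TABLES))
```

An instance is reachable from the internet only when all three line up: a public IP, a default route through an IGW, and at least one ingress rule open to the source in question.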
